OpsRamp supports patch management for Windows and Linux operating systems.

OpsRamp provides a list of missing patches that you can install on your devices. You can create jobs to automate the missing patches process; each job runs at the scheduled date and time on each device. All users added to the missing patch request job receive notifications after the job starts. You can filter the missing patches using the patch baselines for Windows and Linux devices.

Create jobs for missing patches

You can create and schedule a job to identify the missing patches in your Windows or Linux devices and view the missing patches after running the jobs.

  1. Select a client from the All Clients list.

  2. Go to Automation > Jobs > Jobs List and click Create.

  3. From Add Job, enter:

    • Select Client: Client name
    • Job Type: Reason for creating the job. For example, you can select Missing Patches Request to create a job to identify the missing patches.
    • Job Name: Unique name for the job process.
  4. Go to the Job Schedule section and enter:

    • Start Date: Start date of the job process.

    • Recurrence Pattern: Pattern in which you want the job to run.

      • Daily
      • Weekly
      • Monthly
      • Run Once
      • Never
    • Devices: Devices that you want to add for patching.

    • Add Users: Users receiving the notification when a patch scan job executes.

  5. Click Save.

The created job is displayed on the Job List page.

After creating the job, you can view it on the Automation > Jobs > Jobs List page. The Jobs List page displays the Client Name, Job Name, Job Type, Job Schedule, Devices, UUID, and Run Now.

You can use the Run Now option to run the job at that moment.

View resources with missing patches

You can view the list of missing patches in the application using one of the following options:

  • By Patch
  • By Device

View by patch

The By Patch option allows you to view the list of missing patches applicable to each device. The available patch statuses are Missing, Approved, Installed, and Failed.

  1. Select a client from the All Clients list.

  2. Go to Automation > Patch Management > Missing Patches and click By Patch (Default option).

  3. After selecting By Patch, select one of the following operating systems:

    • Windows (Default option)
    • Linux
  4. From the options in the drop-down menu, select the Baseline.

  5. After selecting the Baseline, select one of the following options:

    • INCLUDE (Default option)
    • EXCLUDE

The list of missing patches for the selected operating system is displayed.

The numeral in the Missing column allows you to view the devices that require patch management. Click the numeral to view the list of devices.

View by patch (Windows)

All users added to the missing patches job receive an email after the patch scan process when new patches supersede the existing approved patches with the same KBID. The email consists of a consolidated list of the following:

  • Number of devices successfully scanned for patches.
  • Number of devices that failed the patch scan.
  • Number of devices that have superseded patches that are unapproved by OpsRamp.

View by patch (Linux)

  • After you get the missing patches list, you can approve the selected missing patches. For more information, view Patch Approvals.
  • The missing patches page does not display the Approve button after you select the baseline.
  • The list displayed in the Baseline drop-down menu is dependent on the selected operating system.

View by device

  1. Select a client from the All Clients list.
  2. Go to Automation > Patch Management > Missing Patches.
  3. From the list of missing patches page, click By Device.
    All devices that require patches appear.

The numeral in the Missing column allows you to view the list of missing patches for a selected device. Click the numeral to view the list of patches.

View missing patches at the resource management level

You can also view the missing patches for a device from the Infrastructure > Resources tab using one of the following options:

  • By Patch
  • By Device

View by patch at the resource management level

You can view the missing patches for the device from the Infrastructure page.

  1. Select a client from the All Clients list.

  2. Go to Automation > Patch Management > Missing Patches.

  3. From the list of missing patches, click By Patch.

  4. After selecting By Patch, select one of the following operating systems:

    • Windows
    • Linux
  5. In the Missing column, click the numeric value to view the devices that require patch management.

  6. From Device List of Security Update, click the name.

  7. From the center pane, click Patches.

  8. After selecting Patches, do one of the following actions:

    1. From the options in the drop-down menu, select the Baseline.
    2. Click the Missing tab to view the missing patches.

The other tabs appearing on the screen are: Approved, Installed, and Failed.

View by device at the resource management level

  1. Select a client from the All Clients list.
  2. Go to Automation > Patch Management > Missing Patches.
  3. From the list of missing patches page, click By Device. All devices that require patches are displayed.
  4. From the Name column, click the name.
  5. From the center pane, click Patches.
  6. After selecting Patches, do one of the following actions:
    1. From the options in the drop-down menu, select the Baseline.
    2. Click the Missing tab to view the missing patches.

The other tabs appearing on the screen are: Approved, Installed, and Failed.

Internal patching process

The patching process starts immediately after you schedule the Missing Patches Request job.

This process is shown for Linux resources.

After the patch configuration job begins, the agent executes the following steps.

Step 1: Agent displays a control message

The control message is displayed after the missing patches request job begins:

Control MSG xml received by agent: <cm><id>MISSING_PATCH_REQ</id><reqid>2018-06-21 06:27:31</reqid><params></params></cm>

Step 2: Agent runs the missing patch request job

The job is run using the related Python scripts present in the agent/lib folder.

The agent internally executes the following files corresponding to the OS distribution and generates the result file /opt/opsramp/agent/tmp/patch_scan_result.json:

  • UBUNTU – /usr/bin/python /opt/opsramp/agent/lib/apt_frame.py scan
  • FEDORA, CENTOS – /usr/bin/python /opt/opsramp/agent/lib/yum_frame.py scan
  • SUSE – /usr/bin/python /opt/opsramp/agent/lib/zypper_frame.py
  • DARWIN – /usr/bin/python /opt/opsramp/agent/lib/mac_frame.py

Step 3: The Agent reads the .json file and sends a control message to the cloud.

The obtained patch information is displayed in the Patches tab of the device in the Infrastructure tab.
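
When auditing or troubleshooting a scan, it helps to correlate the control message from Step 1 with the command the agent is expected to run in Step 2. The following is an added example, not OpsRamp agent code: it parses the logged control message and maps the distribution to the command listed above. The function names and the second sample log line are hypothetical, and the `reqid` timestamp format is assumed from the single message shown on this page.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

# Log prefix and message layout as shown in Step 1 of this page.
LOG_PREFIX = "Control MSG xml received by agent: "

# Scan commands per distribution, copied from the list in Step 2.
SCAN_COMMANDS = {
    "UBUNTU": "/usr/bin/python /opt/opsramp/agent/lib/apt_frame.py scan",
    "FEDORA": "/usr/bin/python /opt/opsramp/agent/lib/yum_frame.py scan",
    "CENTOS": "/usr/bin/python /opt/opsramp/agent/lib/yum_frame.py scan",
    "SUSE": "/usr/bin/python /opt/opsramp/agent/lib/zypper_frame.py",
    "DARWIN": "/usr/bin/python /opt/opsramp/agent/lib/mac_frame.py",
}

def parse_control_message(log_line):
    """Return (id, reqid as datetime) from a control-message log line, or None."""
    if LOG_PREFIX not in log_line:
        return None
    xml_text = log_line.split(LOG_PREFIX, 1)[1].strip()
    # Refuse DTDs and entity declarations before handing the text to the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration in control message")
    root = ET.fromstring(xml_text)
    if root.tag != "cm":
        raise ValueError("unexpected root element: %s" % root.tag)
    msg_id = root.findtext("id", default="")
    # Assumption: reqid is always a timestamp in the format shown in Step 1.
    reqid = datetime.strptime(root.findtext("reqid", default=""), "%Y-%m-%d %H:%M:%S")
    return msg_id, reqid

def expected_scans(log_lines, distribution):
    """List (reqid, command) for each MISSING_PATCH_REQ seen in the log lines."""
    command = SCAN_COMMANDS[distribution.upper()]
    found = []
    for line in log_lines:
        parsed = parse_control_message(line)
        if parsed and parsed[0] == "MISSING_PATCH_REQ":
            found.append((parsed[1], command))
    return found

# Constructed sample: the first line is the message from Step 1; the second is invented.
SAMPLE_LOG = [
    "Control MSG xml received by agent: <cm><id>MISSING_PATCH_REQ</id>"
    "<reqid>2018-06-21 06:27:31</reqid><params></params></cm>",
    "agent heartbeat ok",
]

if __name__ == "__main__":
    for when, cmd in expected_scans(SAMPLE_LOG, "ubuntu"):
        print(when.isoformat(), cmd)
```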